ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Sla

v1.0.0

Service-level agreement enforcement with automatic penalties. Use this skill when: 1. You need guaranteed performance levels for critical tasks 2. You want a...

0· 100·0 current·0 all-time
byCalin Teodor@teoslayer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (SLA enforcement with penalties) align with the commands in SKILL.md: creating an SLA JSON, submitting/monitoring tasks via pilotctl, and computing metrics. However SKILL.md states it "Requires pilot-protocol skill" while the registry metadata does not declare that dependency — that mismatch should be clarified.
!
Instruction Scope
The instructions direct the agent to run pilotctl commands, create sla-contract.json, and poll task status — all reasonable for SLA monitoring. But the scripts reference an environment variable $AGENT (used to filter tasks) even though requires.env lists no env vars; SKILL.md thus accesses an undeclared environment variable. Also some snippets (e.g., Monitor Compliance) are incomplete or naive about how to determine task completion, giving the skill broad discretion at runtime.
Install Mechanism
This is instruction-only (no install spec and no code files). That minimizes install-time risk because nothing is downloaded or written by the platform beyond what the agent executes at runtime.
!
Credentials
The skill declares no required environment variables, but uses $AGENT in multiple commands; that mismatch means the runtime will depend on an externally-provided variable that wasn't declared. Additionally pilotctl typically relies on a local daemon/configuration which may contain credentials or tokens outside the skill's manifest — users should confirm pilotctl's credentials/permissions before use.
Persistence & Privilege
always is false and the skill is user-invocable, so it won't be force-included. The skill does not request to modify other skills or system-wide agent settings in its instructions.
What to consider before installing
Before installing, confirm the following: 1) Who provides the AGENT environment variable and add it to the skill's declared requirements (or change the scripts to accept an explicit parameter) — the skill currently uses $AGENT but does not declare it. 2) Verify you have the pilot-protocol companion skill available (SKILL.md says it's required) and that the registry metadata is updated to reflect that dependency. 3) Inspect your local pilotctl configuration and daemon credentials — pilotctl calls will access your task/agent data and may use stored tokens; ensure those credentials are appropriate for this skill's access. 4) Test the scripts in a safe environment — some snippets assume a task lifecycle and may loop/poll indefinitely or divide by zero if no tasks exist. 5) Consider license implications (AGPL-3.0) for your usage. If these points are addressed (declared env vars and clear dependency), the skill appears coherent for its purpose; until then, treat it cautiously.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspilotctl
latestvk9769cnep8f33mxs09h0p558px84hcwh
100downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Calin Teodor@teoslayer
latest
Download

pilot-sla

Service-level agreement enforcement with automatic penalty assessment.

Commands

Define SLA Contract

cat > sla-contract.json <<EOF
{
  "sla_id": "sla-$(date +%s)",
  "metrics": {"max_response_time_ms": 2000, "min_success_rate": 0.95},
  "penalties": {"response_time_violation": 5, "failed_task": 10}
}
EOF

Monitor Compliance

TASK_SUBMIT_TIME=$(date +%s%3N)
TASK_COMPLETE_TIME=$(date +%s%3N)
COMPLETION_TIME=$((TASK_COMPLETE_TIME - TASK_SUBMIT_TIME))

SLA_MAX_TIME=$(jq -r '.metrics.max_response_time_ms' sla-contract.json)
[ $COMPLETION_TIME -gt $SLA_MAX_TIME ] && echo "SLA violation"

Calculate Success Rate

TOTAL=$(pilotctl --json task list | jq -r "[.[] | select(.target == \"$AGENT\")] | length")
SUCCESSFUL=$(pilotctl --json task list | jq -r "[.[] | select(.target == \"$AGENT\") | select(.status == \"completed\")] | length")

SUCCESS_RATE=$(echo "scale=4; $SUCCESSFUL / $TOTAL" | bc)

Workflow Example

#!/bin/bash
# SLA enforcement

SLA_ID="sla-$(date +%s)"
SLA_MAX=3000

for i in {1..10}; do
  SUBMIT_TIME=$(date +%s%3N)
  TASK_ID=$(pilotctl --json task submit "$AGENT" --task "api-call: task_id=$i" | jq -r '.task_id')

  while [ "$(pilotctl --json task list | jq -r ".[] | select(.task_id == \"$TASK_ID\") | .status")" = "pending" ]; do
    sleep 0.5
  done

  RESPONSE_TIME=$(($(date +%s%3N) - SUBMIT_TIME))
  [ $RESPONSE_TIME -gt $SLA_MAX ] && echo "SLA violation: task $i took ${RESPONSE_TIME}ms"
done

Dependencies

Requires pilot-protocol, pilotctl, jq, and bc.

Comments

Loading comments...